google oauth1 to oauth2 migration invalid_token error - google-oauth

I have been trying to obtain new oauth2 refresh tokens using oauth1 access token but it constantly returns an "invalid_token" error. I have checked and the access token is working correctly. I have also tested the same creds/params in oauth2 playground and result is the same. Any help is appreciated...
Here is the curl verbose output:
> POST /o/oauth2/token HTTP/1.1
Host: accounts.google.com
Content-Type: application/x-www-form-urlencoded
Authorization: OAuth oauth_nonce="cb7407355fe20f509cb6bf901eae2d24", oauth_timestamp="1389169471", oauth_consumer_key="***", oauth_token="1%2FFVy....", oauth_signature_method="HMAC-SHA1", oauth_signature="0YL1hH5R571nOH1byeHxQlg%2Fa6g%3D"
Content-Length: 444
* upload completely sent off: 444 out of 444 bytes
< HTTP/1.1 400 Bad Request
< Cache-Control: no-cache, no-store, max-age=0, must-revalidate
< Pragma: no-cache
< Expires: Fri, 01 Jan 1990 00:00:00 GMT
< Date: Wed, 08 Jan 2014 08:24:31 GMT
< Content-Type: application/json
< X-Content-Type-Options: nosniff
< X-Frame-Options: SAMEORIGIN
< X-XSS-Protection: 1; mode=block
* Server GSE is not blacklisted
< Server: GSE
< Alternate-Protocol: 443:quic
< Transfer-Encoding: chunked
<
* Connection #0 to host accounts.google.com left intact
string(415) "HTTP/1.1 400 Bad Request
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Date: Wed, 08 Jan 2014 08:24:31 GMT
Content-Type: application/json
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Server: GSE
Alternate-Protocol: 443:quic
Transfer-Encoding: chunked
{
"error" : "invalid_token"
}"

Can you check if you are putting the client_secret in {} in the POST Body?
grant_type=urn:ietf:params:oauth:grant-type:migration:oauth1&client_id=xxxxxxx.apps.googleusercontent.com&client_secret={xxxxxxx}
You will also need to put {} around the client_secret value when you are generating the oauth_signature
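Added example, not part of the original thread and not Google's code: under RFC 5849 section 3.4.1.3 the parameters of a form-encoded POST body are part of the OAuth 1.0 signature base string, so the client_secret string that is signed has to match the one that is sent byte for byte. The sketch below builds the HMAC-SHA1 signature for a request shaped like the one in the question; the https scheme, both secrets, the nonce and the token are constructed assumptions.

```python
import base64, hashlib, hmac
from urllib.parse import quote

def pct(value):
    # RFC 5849 section 3.6: everything except unreserved characters is escaped
    return quote(str(value), safe="-._~")

def base_string(method, url, oauth_params, body_params):
    # Section 3.4.1.3: oauth_* parameters (without oauth_signature) and the
    # form-encoded body parameters are encoded, sorted and joined together.
    pairs = list(oauth_params.items()) + list(body_params.items())
    encoded = sorted((pct(k), pct(v)) for k, v in pairs if k != "oauth_signature")
    normalized = "&".join(f"{k}={v}" for k, v in encoded)
    return "&".join([method.upper(), pct(url), pct(normalized)])

def sign(method, url, oauth_params, body_params, consumer_secret, token_secret):
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    msg = base_string(method, url, oauth_params, body_params).encode()
    return base64.b64encode(hmac.new(key, msg, hashlib.sha1).digest()).decode()

def verifies(signature, method, url, oauth_params, body_sent, consumer_secret, token_secret):
    # A verifier recomputes the signature from the body it actually received.
    expected = sign(method, url, oauth_params, body_sent, consumer_secret, token_secret)
    return hmac.compare_digest(expected, signature)

# Constructed sample values; none of these are real credentials.
URL = "https://accounts.google.com/o/oauth2/token"  # https scheme is assumed
OAUTH = {
    "oauth_consumer_key": "example.com",
    "oauth_token": "1/constructed-token",
    "oauth_nonce": "constructednonce",
    "oauth_timestamp": "1389169471",
    "oauth_signature_method": "HMAC-SHA1",
}
BODY = {
    "grant_type": "urn:ietf:params:oauth:grant-type:migration:oauth1",
    "client_id": "xxxxxxx.apps.googleusercontent.com",
    "client_secret": "xxxxxxx",
}
BODY_BRACES = dict(BODY, client_secret="{xxxxxxx}")
SECRETS = ("constructed-consumer-secret", "constructed-token-secret")

if __name__ == "__main__":
    sig = sign("POST", URL, OAUTH, BODY, *SECRETS)
    print(base_string("POST", URL, OAUTH, BODY))
    print("same body:", verifies(sig, "POST", URL, OAUTH, BODY, *SECRETS))
    print("body changed after signing:", verifies(sig, "POST", URL, OAUTH, BODY_BRACES, *SECRETS))
```

Values are percent-encoded twice in the base string (":" becomes "%253A"), which is a common source of mismatches when the header and the body are encoded by different code paths.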

We have made a few changes to the validation pieces of the OAuth1->OAuth2 token migration. Would you mind checking your migration flows again and updating this thread with the results?

Related

RestSharp Issue With 402 Response

I'm using RestSharp to interface with the Auth0 and Sisense APIs. Everything's working fine except when deleting a user in Auth0. I send the delete request as a DELETE and Auth0 successfully deletes the user.
Here is the response I'm getting from Auth0:
HTTP/1.1 204 No Content
Date: Wed, 19 Feb 2020 16:35:28 GMT
Content-Type: application/json; charset=utf-8
Connection: keep-alive
Server: nginx
ot-tracer-spanid: 21cd87957d9bac76
ot-tracer-traceid: 25a636cb6e5fd4ca
ot-tracer-sampled: true
x-ratelimit-limit: 50
x-ratelimit-remaining: 49
x-ratelimit-reset: 1582130129
vary: origin,accept-encoding
cache-control: no-cache
Strict-Transport-Security: max-age=15724800
X-Robots-Tag: noindex, nofollow, nosnippet, noarchive
And here's what I'm getting in the RestSharp response:
System.Runtime.Serialization.SerializationException: Invalid JSON string
at RestSharp.RestClientExtensions.ThrowIfError(IRestResponse response)
at RestSharp.RestClientExtensions.DeleteAsync[T](IRestClient client, IRestRequest request)
I'm making a call to a Sisense web service and RestSharp is handling the 402 just fine. Here's the Sisense response:
HTTP/1.1 204 No Content
Date: Wed, 19 Feb 2020 16:32:14 GMT
Connection: keep-alive
Set-Cookie: sisense-cookieCORS=***************************; Path=/; SameSite=None; Secure
Set-Cookie: sisense-cookie=***************************; Path=/
X-UA-Compatible: IE=Edge
x-xss-protection: 1; mode=block
x-frame-options: ALLOW-FROM https://****************************************************
content-security-policy: frame-ancestors ****************************************************
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: -1
Pragma: no-cache
The main difference between the two is the Content-Type directive present in Auth0. Is that what's causing the problem? Is there a workaround?

Why can't googlebot fetch my JavaScript file?

https://api-staging-weld.freetls.fastly.net/scripts/customdomain_weld.19f3e9ec.js
The error I get in Google Search Console is Temporarily unreachable with no further explanation. I think it's something with my http headers but can't figure out which one. Here they are:
accept-ranges: bytes
access-control-allow-origin: *
age: 4905
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 29990
content-type: application/javascript; charset=UTF-8
date: Fri, 20 Apr 2018 12:46:37 GMT
etag: W/"1a018-162e269bfe0"
last-modified: Fri, 20 Apr 2018 09:36:44 GMT
server: Cowboy
status: 200
vary: Accept-Encoding
via: 1.1 vegur
via: 1.1 varnish
x-cache: HIT
x-cache-hits: 1
x-powered-by: Express
x-served-by: cache-bma7030-BMA
x-timer: S1524228398.925110,VS0,VE6
What's wrong or what am I missing?

Webmaster tools do not show a website as verified using Site Verification API

Why doesn't the Google webmaster tool show the verified site? I am getting status code 200 when using both the OAuth 2 playground and my program. But when I check on https://www.google.com/webmasters/tools/ I cannot see the verified site.
This is the response I am getting from Google:
HTTP/1.1 200 OK
Content-length: 220
Via: HTTP/1.1 GWA
X-content-type-options: nosniff
Etag: "00deUEyKiunbfrZpRY_GOwanRBXo/rPzr3x8uGF7cZ_o8tWZ9Z9Yp87RwQU"
X-google-cache-control: remote-fetch
-content-encoding: gzip
Server: GSE
X-xss-protection: 1; mode=block
Pragma: no-cache
Cache-control: no-cache, no-store, max-age=0, must-revalidate
Date: Wed, 10 Jul 2013 09:38:26 GMT
X-frame-options: SAMEORIGIN
Content-type: application/json; charset=UTF-8
Expires: Fri, 01 Jan 1990 00:00:00 GMT
{"id":"http%3A%2F%2Fsample.net%2F","site":{"type":"SITE","identifier":"http://sample.net/"},"owners":["sample#gmail.com"]}
Can anyone suggest the reason behind this?

GDATA and youtube, Get all videos on a playlist

Does anyone know how to get all the videos from a playlist?
E.g. from this playlist
https://gdata.youtube.com/feeds/api/playlists/454A0274C1223C90?v=2
It caps at 10 results.
I tried &max-results=1000 but that 404'ed
Try asking for 50 results at a time (max allowed)
GET /feeds/api/playlists/454A0274C1223C90?v=2&&max-results=100&fields=entry/id,entry/title&key=4{your-key} HTTP/1.1
Host: gdata.youtube.com
Authorization: OAuth ya29.AHES6ZQMwDjrUKh8RLysv-ZzF3DaUmg0XmG0jtVcWdSA0A
HTTP/1.1 400 Bad Request
status: 400
content-length: 246
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
expires: Sat, 28 Apr 2012 16:29:01 GMT
x-google-cache-control: remote-fetch
server: GSE
via: HTTP/1.1 GWA
x-gdata-user-country: US
cache-control: private, max-age=0
date: Sat, 28 Apr 2012 16:29:01 GMT
x-frame-options: SAMEORIGIN
content-type: application/vnd.google.gdata.error+xml
-content-encoding: gzip
<errors xmlns='http://schemas.google.com/g/2005'><error><domain>GData</domain><code>InvalidRequestUriException</code><internalReason>Max-results value is too high. Only up to 50 results can be returned per query.
GET /feeds/api/playlists/454A0274C1223C90?v=2&&max-results=50&fields=entry/id,entry/title&key=${key} HTTP/1.1
Host: gdata.youtube.com
Authorization: OAuth ya29.AHES6ZQMwDjrUKh8RLysv-ZzF3DaUmg0XmG0jtVcWdSA0A
HTTP/1.1 200 OK
status: 200
gdata-version: 2.1
content-length: 6703
via: HTTP/1.1 GWA
content-location: https://gdata.youtube.com/feeds/api/playlists/454A0274C1223C90?v=2&&max-results=50&fields=entry/id,entry/title&key=w1Q
x-content-type-options: nosniff
expires: Sat, 28 Apr 2012 16:32:08 GMT
vary: Accept, X-GData-Authorization, GData-Version
x-google-cache-control: remote-fetch
server: GSE
last-modified: Sat, 28 Apr 2012 10:46:07 GMT
x-xss-protection: 1; mode=block
etag: W/"A04CRn47eCp7I2A9WhVWFk0."
cache-control: private, max-age=300, no-transform
date: Sat, 28 Apr 2012 16:32:08 GMT
x-frame-options: SAMEORIGIN
content-type: application/atom+xml; charset=UTF-8; type=feed
-content-encoding: gzip
x-gdata-user-country: US

Apache (2.0) mod_headers not outputting environment variables?

My .htaccess file:
Header add X-Hello "time %D"
Now I check to see what it looks like, check out the X-Hello header:
$ curl -v http://foo.com/bar.php
...
< HTTP/1.1 200 OK
< Date: Wed, 06 Oct 2010 20:43:39 GMT
< Server: Apache
< Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
< Expires: Thu, 19 Nov 1981 08:52:00 GMT
< Pragma: no-cache
< Set-Cookie: PHPSESSID=7d32d8fch8qrnnuvoqqopr74c0; path=/
< X-Hello: time %D
< Transfer-Encoding: chunked
< Content-Type: text/html
Which is clearly contrary to the Apache documentation below. Is there some other directive that mod_headers needs in order to interpolate environment variables?
http://httpd.apache.org/docs/2.0/mod/mod_headers.html#examples
Without note otherwise, hosting provider admitted to still using Apache 1.3 which does not interpolate values in mod_header.